# MIPs portal vulnerability fix
On October 27th a whitehat found and reported an XSS vulnerability on the [Mips Portal](https://mips.makerdao.com). It allowed malicious users to modify the look and behavior of the website and share their modified version under the official domain name. For example, `https://mips.makerdao.com/mips/list?search=%3Cimg%20src%3Dx%20onerror%3D%22alert(%27xss%20vulnerability%20here%27)%22%3E`, or a masked version of it such as `[Malicious Mips Portal](https://mips.makerdao.com/mips/list?search=%3Cimg%20src%3Dx%20onerror%3D%22alert(%27xss%20vulnerability%20here%27)%22%3E)`, would display an alert when the page loaded (URLs included for reference only; even though they are safe now, feel free not to open them :)).
For those who are not familiar with the term, [Cross-site Scripting (XSS)](https://en.wikipedia.org/wiki/Cross-site_scripting) vulnerabilities allow users to inject scripts into the client side of a website, making it possible to bypass access control, redirect visitors to other websites or to malicious clones of the same website, create MetaMask transactions or contract interactions, etc.
Shortly after the report, GovAlpha set out to fix the vulnerability by sanitizing all of the website's inputs. This involved adding logic to the code handling those inputs so that anything a user enters which could be parsed as HTML or JavaScript is detected and removed, both when submitting data and when performing searches.
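To make the fix concrete, here is an added example (not the portal's own code; the post does not show what GovAlpha actually shipped) of handling a `search` query parameter the way the paragraph above describes. It takes the reported payload URL from this post, shows the vulnerable pattern (raw value concatenated into markup destined for `innerHTML`), and contrasts it with an allow-list sanitizer plus HTML output encoding. The allowed character set and the 100-character limit are assumptions chosen for a MIP search box, not values from the portal.

```javascript
// Added example, not the MIPs Portal's code. Demonstrates input sanitizing
// plus output encoding for an attacker-controlled `search` query parameter.

// The payload URL quoted in the post, exactly as it arrives in the query string.
const REPORTED_URL =
  "https://mips.makerdao.com/mips/list?search=%3Cimg%20src%3Dx%20onerror%3D%22alert(%27xss%20vulnerability%20here%27)%22%3E";

// Extract the search term. URL.searchParams percent-decodes for us, so the
// returned string is the raw, attacker-controlled text.
function getSearchParam(url) {
  return new URL(url).searchParams.get("search") ?? "";
}

// Output encoding: neutralise the five characters that let text break out of an
// HTML text node or a quoted attribute value. The result is safe for innerHTML.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Input sanitizing (allow-list): keep only what a search for a MIP legitimately
// needs -- letters, digits, whitespace and a few punctuation marks -- and drop
// everything else, including < > = " ' ( ). The character set and the length cap
// are assumptions for this example.
function sanitizeSearchTerm(text) {
  return String(text).replace(/[^\p{L}\p{N}\s.,_#-]/gu, "").trim().slice(0, 100);
}

// Vulnerable pattern: the raw value is concatenated straight into markup that
// the page then assigns to innerHTML, so a tag in the value becomes live HTML.
function renderUnsafe(search) {
  return "Results for: " + search;
}

// Hardened pattern: sanitize on input, then still encode on output. Either layer
// alone would stop this payload; using both keeps the page safe if one is bypassed.
function renderSafe(search) {
  return "Results for: " + escapeHtml(sanitizeSearchTerm(search));
}

// Simple check used below: does the rendered string still contain a literal '<'
// that would start a tag (or a closing tag / comment) when parsed as HTML?
function containsActiveMarkup(html) {
  return /<[a-z\/!?]/i.test(html);
}

// Stand-alone demonstration.
const payload = getSearchParam(REPORTED_URL);
console.log("decoded search term :", payload);
console.log("unsafe render       :", renderUnsafe(payload), "->", containsActiveMarkup(renderUnsafe(payload)));
console.log("safe render         :", renderSafe(payload), "->", containsActiveMarkup(renderSafe(payload)));
```

Note that `escapeHtml` on its own already defuses the `<img ... onerror=...>` payload, because the browser never sees a real `<`; the allow-list sanitizer additionally strips the `=`, quotes and parentheses so that even a later template that forgets to encode has much less to work with. In a real page the safest sink is `element.textContent = search`, which needs no encoding at all.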
During the last couple of days we, together with the whitehat, have been testing the fix on both the staging and production environments, and the vulnerability appears to have been successfully removed.
This report was dealt with by GovAlpha directly as the MIPs Portal is currently not in scope for Immunefi's Bug Bounty Program. Following liaison with Immunefi we decided to pay the whitehat 2,500 DAI which would have been the qualifying amount for such a report under the Bug Bounty Program. This has been paid out of GovAlpha's contingency budget. We will be taking steps to get the MIPs Portal included in the Immunefi Bug Bounty Program.
These are screenshots showing some of the ways the vulnerability could be exploited:


As a friendly reminder, always try to open links from official sources, and when that's not possible, pay extra attention to links others share with you.